diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2006-05-06 16:28:56 +0000 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2006-05-06 16:28:56 +0000 |
| commit | 44d872259c6f1a3aab86d2fbbba4525f12b3d878 (patch) | |
| tree | cc791866bbd92587d2d2c8b9ed2b8e66c15db4d3 /src/http/ngx_http_request.c | |
| parent | 9a27196bd4dd2ac6c6c86aa786ae0b0aad84e610 (diff) | |
| download | nginx-release-0.3.45.tar.gz nginx-release-0.3.45.zip | |
nginx-0.3.45-RELEASE importrelease-0.3.45
*) Feature: the "ssl_verify_client", "ssl_verify_depth", and
"ssl_client_certificate" directives.
*) Change: the $request_method variable now returns the main request
method.
*) Change: the ° symbol codes were changed in koi-win conversion
table.
*) Feature: the euro and N symbols were added to koi-win conversion
table.
*) Bugfix: if nginx distributed the requests among several backends and
some backend failed, then requests intended for this backend was
directed to one live backend only instead of being distributed among
the rest.
Diffstat (limited to 'src/http/ngx_http_request.c')
| -rw-r--r-- | src/http/ngx_http_request.c | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 680b3bd45..5207fa1cc 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1172,8 +1172,12 @@ ngx_http_process_cookie(ngx_http_request_t *r, ngx_table_elt_t *h, static ngx_int_t ngx_http_process_request_header(ngx_http_request_t *r) { - size_t len; - u_char *ua, *user_agent, ch; + size_t len; + u_char *ua, *user_agent, ch; +#if (NGX_HTTP_SSL) + long rc; + ngx_http_ssl_srv_conf_t *sscf; +#endif if (r->headers_in.host) { for (len = 0; len < r->headers_in.host->value.len; len++) { @@ -1243,6 +1247,34 @@ ngx_http_process_request_header(ngx_http_request_t *r) return NGX_ERROR; } +#if (NGX_HTTP_SSL) + + if (r->connection->ssl) { + sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); + + if (sscf->verify) { + rc = SSL_get_verify_result(r->connection->ssl->connection); + + if (rc != X509_V_OK) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client SSL certificate verify error: %l ", rc); + ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); + return NGX_ERROR; + } + + if (SSL_get_peer_certificate(r->connection->ssl->connection) + == NULL) + { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent no required SSL certificate"); + ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); + return NGX_ERROR; + } + } + } + +#endif + if (r->headers_in.connection) { if (r->headers_in.connection->value.len == 5 && ngx_strcasecmp(r->headers_in.connection->value.data, "close") |